Privacy Policy

01

Data controller

The Data Controller for personal data collected through this Platform is:

Company

Sun Cyprus Group

Registered office

Ydras 7, 501-B, Germasogeia 4047
Limassol, Cyprus

Email

info@suncyprus.net

Phone

+357 97 67 2201

This Privacy Policy describes how Sun Cyprus Group collects, uses, stores and protects the personal data of users who register on or interact with the Platform, in compliance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679) and applicable Cypriot data protection law.

02

Data we collect

We collect and process the following categories of personal data, depending on how you interact with the Platform:

Category	Data collected	Mandatory
Account data	Username, email address, password (stored in encrypted form)	Yes
Profile data	Business or personal description (max 140 characters), languages spoken, profile picture	No – optional
Listing data	Vessel details, photos, availability and rental terms submitted by Owners	Only for Owners
Communications	Messages exchanged via the integrated chat between users	Only when used
Technical data	IP address, browser type, device information, access logs	Automatic

We do not collect payment data of any kind. All financial transactions are handled directly between users outside the Platform.

03

Purposes and legal basis for processing

We process your personal data only for specified, explicit and legitimate purposes. The table below outlines each processing activity and its corresponding legal basis under the GDPR:

Purpose	Legal basis (GDPR Art. 6)
Creating and managing your user account	Art. 6(1)(b) – Performance of a contract
Enabling communication between users (chat, email)	Art. 6(1)(b) – Performance of a contract
Publishing and managing vessel listings	Art. 6(1)(b) – Performance of a contract
Sending transactional emails (registration confirmation, account and booking notifications)	Art. 6(1)(b) – Performance of a contract
Security, fraud prevention and platform integrity (incl. reCAPTCHA)	Art. 6(1)(f) – Legitimate interests
Compliance with legal obligations	Art. 6(1)(c) – Legal obligation

We do not use your personal data for automated decision-making or profiling as defined under Article 22 of the GDPR.

04

Emails and notifications

The Platform sends automated emails to users solely for operational and account-related purposes. These are transactional communications necessary for the functioning of the service and are not marketing messages.

The types of emails you may receive include:

Email type	Trigger
Registration confirmation	Sent upon successful account creation to verify your email address
Password change notification	Sent when a change to your account password is detected
Account update notification	Sent when significant changes are made to your account settings or profile
Listing status notification	Sent when the status of a vessel listing you are associated with is updated (e.g., marked as Booked)

We do not send marketing newsletters or promotional communications. If this changes in the future, we will update this Privacy Policy and obtain your explicit prior consent before doing so.

05

Cookies and Google reCAPTCHA

The Platform uses a limited set of cookies and third-party technologies necessary for its core functionality and security. We do not use advertising cookies, tracking pixels or behavioural analytics tools.

Essential cookies are set automatically when you visit the Platform and are strictly necessary for navigation and account functionality (e.g., session management, login state). These cookies do not require your consent under applicable law.

Google reCAPTCHA v3 is integrated into the registration form to protect the Platform against automated abuse and fraudulent account creation. This service is provided by Google LLC and may collect certain technical information (including your IP address and behavioural signals) to assess whether an interaction is performed by a human. This data is processed by Google in accordance with Google’s Privacy Policy.

No third-party advertising cookies, social media tracking pixels (such as Facebook/Meta Pixel) or analytics cookies (such as Google Analytics) are currently in use on this Platform.

Should we introduce additional cookies in the future, we will update this Privacy Policy accordingly and, where required, seek your prior consent through a dedicated cookie consent mechanism.

06

Data storage and retention

All personal data collected through the Platform is stored on servers physically located within the European Union. Data transfers outside the EU/EEA do not take place, except for the limited technical data processed by Google in connection with the reCAPTCHA service, which is governed by Google’s own data protection commitments and Standard Contractual Clauses.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, in accordance with the following general principles:

Data type	Retention period
Account and profile data	For the duration of the account, plus up to 12 months after deletion request
Vessel listing data	For the duration of the listing, or until the Owner removes it
Chat messages	For the duration of the relevant conversation thread
Technical/access logs	Up to 12 months for security purposes
Data required by law	As required by applicable legal or regulatory obligations

Upon expiry of the applicable retention period, data is securely deleted or anonymised so that it can no longer be linked to any identified or identifiable individual.

07

Third-party sharing

Sun Cyprus Group does not sell, rent or share your personal data with third parties for commercial or marketing purposes.

Your data may be shared with third parties only in the following limited circumstances:

Service providers: We may engage trusted third-party providers (such as hosting infrastructure providers and email delivery services) who process data on our behalf solely to deliver the Platform’s functionality. These providers are contractually bound to process data only in accordance with our instructions and in compliance with the GDPR.

Google reCAPTCHA: As described in Section 5, certain technical data is processed by Google LLC in connection with the reCAPTCHA service integrated into the registration form.

Legal requirements: We may disclose personal data if required to do so by law, by a court order, or by a competent regulatory or law enforcement authority.

Visibility between users: Please note that certain profile information (username, optional description, languages spoken and profile picture) is visible to other registered users of the Platform by design, as part of the service’s directory functionality.

08

Your rights under the GDPR

As a data subject under the GDPR, you have the following rights with respect to your personal data. You may exercise any of these rights at any time by contacting us at info@suncyprus.net.

Right of access

Obtain confirmation that your data is being processed and receive a copy of it.

Right to rectification

Request correction of inaccurate or incomplete personal data we hold about you.

Right to erasure

Request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.

Right to restriction

Request that we limit how your data is processed in certain circumstances.

Right to portability

Receive your data in a structured, machine-readable format and transfer it to another controller.

Right to object

Object to processing based on legitimate interests, including any future direct marketing.

Right to withdraw consent

Where processing is based on consent, withdraw it at any time without affecting prior processing.

Right to lodge a complaint

File a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus or any competent EU supervisory authority.

We will respond to all requests within 30 days. In complex cases, this period may be extended by a further two months, of which you will be duly notified.

To lodge a complaint with the Cypriot supervisory authority, please visit the Office of the Commissioner for Personal Data Protection: www.dataprotection.gov.cy

09

Security

Sun Cyprus Group implements appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, disclosure, alteration or destruction. These measures include, but are not limited to, encrypted password storage, restricted access controls and secure server infrastructure located within the EU.

The Platform’s registration process is further protected by Google reCAPTCHA to prevent automated and fraudulent access attempts.

While we strive to apply industry-standard security practices, no method of transmission over the internet or method of electronic storage is 100% secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, inform affected users without undue delay.

10

Changes to this Privacy Policy

Sun Cyprus Group reserves the right to update or amend this Privacy Policy at any time to reflect changes in applicable law, our data processing practices or the features of the Platform. The date of the most recent revision is indicated at the top of this page.

Where changes are material, we will notify registered users via email or by means of a prominent notice on the Platform prior to the changes taking effect. We encourage you to review this Privacy Policy periodically.

Continued use of the Platform after any changes have been published constitutes your acknowledgement of the updated Privacy Policy.

11

Contact the Data Controller

For any questions, concerns or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:

Data Controller